
Dell POWEREDGE M1000E User Manual


Fabric OS Command Reference


53-1001764-02

ipSecConfig


type

Specifies the policy to be created. Supported policies include:

policy ips

Creates or modifies an IPSec policy. This policy determines the security
services afforded to a packet and the treatment of a packet in the network.
An IPSec policy allows classifying IP packets into different traffic flows and
specifies the actions or transformations performed on IP packets on each of
the traffic flows. The main components of an IPSec policy are: IP packet
filter/selector (IP address, protocol, and port information) and transform set.

subtype

A subtype is required when configuring an IPSec policy. The subtype
specifies the components to be configured. The following are required
subtypes for the IPSec policy:

selector

Creates a selector that is applied to the IP data traffic. A selector consists
of a set of parameters that identify the IP traffic that needs IPSec
protection. To configure the selector, the following parameters must be
specified:

-tag name

Specifies a name for the selector. This is a user-generated name. The
name must be between 1 and 32 characters in length, and may include
alphanumeric characters, dashes (-), and underscores (_).

-direction in|out

Specifies traffic flow direction as inbound or outbound.

-local IP_address[/prefixlength]

Specifies the source IPv4 or IPv6 address.

-remote IP_address[/prefixlength]

Specifies the peer IPv4 or IPv6 address.

-transform name

Specifies the transform to be included in the selector. You must create
the transform before you can use it in the selector. Use
ipsecConfig --show policy ips transform to display existing transforms.

-protocol protocol_name

Specifies the upper layer protocols to be selected for IPSec protection.
Valid protocols include tcp, udp, icmp, or any. When any is specified, all
existing protocols are selected for protection. This operand is optional.

transform

Creates the IPSec transform set. The transform set is a combination of
IPSec protocols and cryptographic algorithms that are applied on the
packet after it is matched to a selector. The transform set specifies the
IPSec protocol, the IPSec mode, and the action to be performed on the IP
packet. It also specifies the key management policy that is needed for
the IPSec connection and the encryption and authentication algorithms
to be used in security associations when IKE is used as the key management
protocol. The following operands are required:

-tag name

Specifies a name for the transform. This is a user-generated name. The
name must be between 1 and 32 characters in length, and may include
alphanumeric characters, dashes (-), and underscores (_).
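
The selector operands and the -tag naming rule described above can be checked offline before a policy is typed into the switch. The following Python sketch is an added example, not part of the Fabric OS manual or of any Brocade tool; the function names, the dictionary layout, and the sample selectors and transform names are assumptions made for illustration.

```python
import ipaddress
import re

# Naming rule from the -tag description: 1-32 chars, alphanumerics, '-' and '_'.
TAG_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")
PROTOCOLS = {"tcp", "udp", "icmp", "any"}

def _parse_addr(value, field, errors):
    """Parse IP_address[/prefixlength]; record an error and return None on failure."""
    try:
        return ipaddress.ip_interface(value)
    except ValueError:
        errors.append(f"{field}: {value!r} is not a valid address[/prefixlength]")
        return None

def check_selector(sel, existing_transforms):
    """Return a list of problems with one selector definition (empty list = OK)."""
    errors = []
    if not TAG_RE.fullmatch(sel.get("tag", "")):
        errors.append("tag: must be 1-32 characters of [A-Za-z0-9_-]")
    if sel.get("direction") not in ("in", "out"):
        errors.append("direction: must be 'in' or 'out'")
    local = _parse_addr(sel.get("local", ""), "local", errors)
    remote = _parse_addr(sel.get("remote", ""), "remote", errors)
    # Added sanity check (assumption, not stated in the manual): one address family.
    if local and remote and local.version != remote.version:
        errors.append("local/remote: address families differ (IPv4 vs IPv6)")
    transform = sel.get("transform", "")
    if not TAG_RE.fullmatch(transform):
        errors.append("transform: name breaks the tag naming rule")
    elif transform not in existing_transforms:
        # The manual requires the transform to exist before a selector uses it.
        errors.append(f"transform: {transform!r} does not exist yet; create it first")
    # -protocol is optional, so it is validated only when present.
    if "protocol" in sel and sel["protocol"] not in PROTOCOLS:
        errors.append("protocol: must be tcp, udp, icmp or any")
    return errors

# Constructed sample data (names and addresses are made up for illustration).
TRANSFORMS = {"xform-esp-1"}
SELECTORS = [
    {"tag": "sel-out-1", "direction": "out", "local": "10.1.1.0/24",
     "remote": "10.2.2.0/24", "transform": "xform-esp-1", "protocol": "tcp"},
    {"tag": "sel in 1", "direction": "both", "local": "10.1.1.0/33",
     "remote": "2001:db8::1", "transform": "xform-missing"},
]

if __name__ == "__main__":
    for s in SELECTORS:
        print(s["tag"], check_selector(s, TRANSFORMS) or "OK")
```

The set passed as existing_transforms would be filled from the names listed by ipsecConfig --show policy ips transform.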